Red Hat has been made aware of a vulnerability that exists in modern microprocessors, requiring updates to the Linux kernel, virtualization-related components, and a microcode update. An unprivileged attacker can use this flaw to bypass restrictions in order to gain read access to privileged memory that would otherwise be inaccessible. This issue has been assigned CVE-2018-3639 and is also referred to as “Variant 4” or “Speculative Store Bypass”. This issue is known to affect CPUs of various microarchitectures from AMD, ARM, IBM (POWER8 and POWER9), and Intel. All currently supported versions of Red Hat Enterprise Linux, Red Hat OpenShift, Red Hat Virtualization, and Red Hat OpenStack Platform are affected.

A malicious, unprivileged user could use this flaw to read privileged system memory and/or memory outside of a sandboxed environment like a web browser or JIT execution runtimes. To fully mitigate this vulnerability, system administrators must apply both hardware “microcode” updates and software patches that enable new functionality. At this time, microprocessor microcode will be delivered by the individual manufacturers, but at a future time Red Hat will release the tested and signed updates as we receive them. This issue was disclosed to the public May 21, 2018.

Background Information

CVE-2018-3639 (aka “Speculative Store Bypass”) opens a new avenue (like Branch Misprediction) which can be exploited via speculative execution and cache-based side-channel methods to bypass security measures and access privileged memory. This issue is similar to CVE-2017-5753 (aka “Spectre v1”), except it leverages the Speculative Store Bypass memory optimization in place of the Branch Misprediction used by Spectre v1.

Modern computer processors are highly complex systems. At the core they execute a sequence of instructions (aka a program) and store results into memory. To maximize the number of instructions executed or to improve performance, processors add multiple execution cores and faster cache memory, and employ various techniques such as Out-of-Order Execution, Branch Prediction, Speculative Execution, Data Prefetching, Memory Access Reordering, Memory Disambiguation, et al.

As instructions are executed, the processor loads (reads) and stores (writes) data from/to the main memory. Before Load and Store instructions can access data, they need to resolve the address given by their operand, for example:

Mov, 0x0 : Store zero(0) into memory location
Mov rax, : Load data from memory location into RAX register

In both cases, addresses and is resolved to a memory location before data can be accessed.

A typical program has many load (read) and store (write) instructions, at times both operating on the same memory address. To maintain a consistent memory state, processors use a load-store-queue buffer to process load (read) and store (write) instructions. When both load and store instructions are queued, a load instruction would not execute before the addresses of all the store instructions in the queue are known.

Modern processors can execute load/store instructions out-of-order and speculatively (when both load (read) and store (write) instructions are present in the load-store-queue). The Memory Disambiguator (MD) predicts which of the loads do not depend on an earlier store instruction.
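
The load-store-queue and Memory Disambiguator behaviour described on this page can be followed in a small model. This is an added example, not code from Red Hat or from any processor vendor. It is a deliberately simplified simulation in which `Store`, `execute_load`, the cycle numbers and the sample memory contents are all hypothetical, and `bypass_enabled=False` models a processor that always applies the conservative wait-for-all-stores rule.

```python
from dataclasses import dataclass

@dataclass
class Store:
    addr: int        # target address (known to the model, not yet to the CPU)
    value: int
    addr_ready: int  # cycle at which the CPU has resolved the address

def execute_load(memory, stores, load_addr, issue_cycle, bypass_enabled):
    """Model one load that follows `stores` (program order) in the queue.

    Returns (speculative_value, architectural_value, replayed).
    speculative_value is None when the load did not run ahead of a store.
    """
    def newest(candidates):
        # Youngest matching store forwards its value; otherwise read memory.
        hits = [s.value for s in candidates if s.addr == load_addr]
        return hits[-1] if hits else memory.get(load_addr, 0)

    architectural = newest(stores)
    unresolved = [s for s in stores if s.addr_ready > issue_cycle]
    if not unresolved or not bypass_enabled:
        # Conservative rule: the load waits for every earlier store address.
        return None, architectural, False

    # Predicted independent: the load sees only already-resolved stores.
    resolved = [s for s in stores if s.addr_ready <= issue_cycle]
    speculative = newest(resolved)
    # A late-resolving store to the same address means the prediction was
    # wrong: the load is squashed and re-executed with the correct value.
    replayed = any(s.addr == load_addr for s in unresolved)
    return speculative, architectural, replayed

# Constructed sample: 0x1000 holds an old value that the store overwrites.
MEMORY = {0x1000: 0x41, 0x2000: 0x07}
STORES = [Store(addr=0x1000, value=0x0, addr_ready=5)]

if __name__ == "__main__":
    for addr in (0x1000, 0x2000):
        for bypass in (True, False):
            print(hex(addr), bypass, execute_load(MEMORY, STORES, addr, 1, bypass))
```

In the mispredicted case the load briefly holds the stale value `0x41` even though the architectural result is `0x0`. That transient window is what the microcode and kernel updates are meant to close.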